Hi.
How to revoke the grant by hive.security.authorization.createtable.role.grants ?
Env:
host 172.31.10.119
port 50033
version apache-hive-2.3.5-bin
database tools
hive-site.xml
<property>
<name>hive.security.authorization.createtable.role.grants</name>
<value>da:select;</value>
</property>
<property>
<name>hive.users.in.admin.role</name>
<value>root,tools </value>
</property>
0. Start hiveserver2
>/opt/hive/hive-bin/bin/hiveserver2 --hiveconf hive.server2.thrift.port=50033
>--hiveconf hive.server2.webui.port=10003
1. create table
#/opt/hive/hive-bin/bin/beeline -u jdbc:hive2://172.31.10.119:50033 -n tools
>use tools;
>create table test1 as select * from tools.test99 limit 10;
>show grant on table tools.test1;
+-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
| database | table | partition | column | principal_name |
principal_type | privilege | grant_option | grant_time | grantor |
+-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
| tools | test1 | | | da | ROLE |
SELECT | true | 1565061852000 | tools |
+-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
2. revoke select on role da
> set role damin;
> revoke select on table tools.test1 from role da;
3. err log
FAILED: Execution Error, return code 1 from
org.apache.hadoop.hive.ql.exec.DDLTask. Cannot find privilege Privilege
[name=SELECT, columns=null] for Principal [name=da, type=ROLE] on Object
[type=TABLE_OR_VIEW, name=tools.test1] granted by tools
